publications
list of all my peer-reviewed papers published on Rank A top tier conferences
IT security conferences, the most important publication medium in my area, use the CORE ranking. Top-tier conferences are ranked A* (filter). You can find my citation profiles below.
Total: 47. Peer Reviewed: 32. Rank A*: 12. Rank A: 7. Awarded: 3.
2024
- SoK: SSO-MONITOR — The Current State and Future Research Directions in Single Sign-On Security MeasurementsLouis Jannett, Maximilian Westers, Tobias Wich, Christian Mainka, Andreas Mayer, and Vladislav MladenovIn European Symposium on Security and Privacy (Euro S&P), Vienna, Austria, accepted papers: 45/208 = 22%, Jul 2024
Single Sign-On (SSO) with OAuth 2.0 and OpenID Connect 1.0 is essential for user authentication and authorization on the Internet. Billions of users rely on SSO services provided by Google, Facebook, and Apple. For large-scale measurements on the security of SSO, researchers need to reliably detect SSO implementations in the wild. In this paper, we survey the current state of 36 SSO measurement tools from prior work and discover gaps leading to blind spots in the SSO landscape that hinder the community from improving large-scale research. We observe unreliable measurements and a lack of reproducibility, making comparisons between studies difficult, if not impossible. We fill these gaps with SSO-Monitor, our open-source, modular, and highly extensible framework for large-scale SSO landscape and security measurements. SSO-Monitor achieves a high accuracy of 93% and, compared to prior tools, significantly improves the reliability of SSO measurements by 19%. It continuously takes snapshots of SSO implementations on the top 1M websites to compose an SSO archive that is reproducible by design. Therefore, it passively monitors the SSO flows and provides an extensive set of landscape and security insights on sso-monitor.me. Our SSO archive allows researchers to conduct comprehensive measurements over time and even beyond the scope of SSO. We use the data in our SSO archive to measure the security of 89k SSO authentication flows on the top 1M websites. Thereby, we discover 33k violations of the OAuth Security Best Current Practices and 339 severe security vulnerabilities. They include 30 username and password leaks and 28 token leaks that enable full account takeovers.
@inproceedings{jannettSoKSSOMONITORCurrent2024, title = {{{SoK}}: {{SSO-MONITOR}} — {{The Current State}} and {{Future Research Directions}} in {{Single Sign-On Security Measurements}}}, booktitle = {European {{Symposium}} on {{Security}} and {{Privacy}} ({{Euro S}}\&{{P}})}, author = {Jannett, Louis and Westers, Maximilian and Wich, Tobias and Mainka, Christian and Mayer, Andreas and Mladenov, Vladislav}, date = {2024-07-08}, publisher = {IEEE}, location = {Vienna, Austria}, url = {https://eurosp2024.ieee-security.org/program.html#paper192}, eventtitle = {{{EuroS}}\&{{P}}}, month = jul, }
2018
- More Is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and ThreemaPaul Rösler, Christian Mainka, and Jörg SchwenkIn European Symposium on Security and Privacy (Euro S&P), London, United Kingdom, accepted papers: 33/144 = 23%, Jul 2018
Secure instant messaging is utilized in two variants: one-to-one communication and group communication. While the first variant has received much attention lately (Frosch et al., EuroS&P16; Cohn-Gordon et al., EuroS&P17; Kobeissi et al., EuroS&P17), little is known about the cryptographic mechanisms and security guarantees of secure group communication in instant messaging. To approach an investigation of group instant messaging protocols, we first provide a comprehensive and realistic security model. This model combines security and reliability goals from various related literature to capture relevant properties for communication in dynamic groups. Thereby the definitions consider their satisfiability with respect to the instant delivery of messages. To show its applicability, we analyze three widely used real-world protocols: Signal, WhatsApp, and Threema. Since these protocols and their implementations are mostly undocumented for the public and two out of three applications among them are closed source, we describe the group protocols employed in Signal, WhatsApp, and Threema. By applying our model, we reveal several shortcomings with respect to the security definition. Therefore we propose generic countermeasures to enhance the protocols regarding the required security and reliability goals. Our systematic analysis reveals that (1) the communications’ integrity – represented by the integrity of all exchanged messages – and (2) the groups’ closeness – represented by the members’ ability of managing the group – are not end-to-end protected. We additionally show that strong security properties, such as Future Secrecy which is a core part of the one-to-one communication in the Signal protocol, do not hold for its group communication.
@inproceedings{roslerMoreLessEndtoend2018, title = {More Is Less: {{On}} the End-to-End Security of Group Chats in Signal, {{WhatsApp}}, and Threema}, booktitle = {European {{Symposium}} on {{Security}} and {{Privacy}} ({{Euro S}}\&{{P}})}, author = {Rösler, Paul and Mainka, Christian and Schwenk, Jörg}, date = {2018}, pages = {415--429}, publisher = {IEEE}, location = {London, United Kingdom}, doi = {10.1109/eurosp.2018.00036}, url = {https://doi.ieeecomputersociety.org/10.1109/EuroSP.2018.00036}, eventtitle = {{{EuroS}}\&{{P}}}, }
2017
- SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web EditorDennis Felsch, Christian Mainka, Vladislav Mladenov, and Jörg SchwenkIn ACM Asia Conference on Computer and Communications Security (ASIACCS), Abu Dhabi, UAE, accepted papers: 71/359 = 20%, Apr 2017
Real-time editing tools like Google Docs, Microsoft Office Online, or Etherpad have changed the way of collaboration. Many of these tools are based on Operational Transforms (OT), which guarantee that the views of different clients onto a document remain consistent over time. Usually, documents and operations are exposed to the server in plaintext – and thus to administrators, governments, and potentially cyber criminals. Therefore, it is highly desirable to work collaboratively on encrypted documents. Previous implementations do not unleash the full potential of this idea: They either require large storage, network, and computation overhead, are not real-time collaborative, or do not take the structure of the document into account. The latter simplifies the approach since only OT algorithms for byte sequences are required, but the resulting ciphertexts are almost four times the size of the corresponding plaintexts. We present SECRET, the first secure, efficient, and collaborative real-time editor. In contrast to all previous works, SECRET is the first tool that (1.) allows the encryption of whole documents or arbitrary sub-parts thereof, (2.) uses a novel combination of tree-based OT with a structure preserving encryption, and (3.) requires only a modern browser without any extra software installation or browser extension. We evaluate our implementation and show that its encryption overhead is three times smaller in comparison to all previous approaches. SECRET can even be used by multiple users in a low-bandwidth scenario. The source code of SECRET is published on GitHub as an open-source project: https://github.com/RUB-NDS/SECRET/
@inproceedings{felschSECRETFeasibilitySecure2017, title = {{{SECRET}}: {{On}} the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor}, booktitle = {{{ACM Asia Conference}} on {{Computer}} and {{Communications Security}} ({{ASIACCS}})}, author = {Felsch, Dennis and Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, date = {2017-04}, publisher = {ACM Press}, location = {Abu Dhabi, UAE}, doi = {10.1145/3052973.3052982}, url = {https://dl.acm.org/doi/10.1145/3052973.3052982}, eventtitle = {{{AsiaCCS}}}, howpublished = {In Submission: AsiaCCS 2017}, month = apr, } - SoK: Single Sign-On Security – An Evaluation of OpenID ConnectChristian Mainka, Vladislav Mladenov, Tobias Wich, and Jörg SchwenkIn European Symposium on Security and Privacy (Euro S&P), Parice, France, accepted papers: 38/194 = 20%, Apr 2017
OpenID Connect is the OAuth 2.0-based replacement for OpenID 2.0 (OpenID) and one of the most important Single Sign-On (SSO) protocols used for delegated authentication. It is used by companies like Amazon, Google, Microsoft, and PayPal. In this paper, we systematically analyze wellknown attacks on SSO protocols and adapt these on OpenID Connect. We additionally introduce two novel attacks on OpenID Connect, Identity Provider Confusion and Malicious Endpoints Attack abusing lacks in the current specification and breaking the security goals of the protocol. We communicated these attacks in 2014 with the authors of the OpenID Connect specification and helped to develop a fix (currently an RFC Draft). We categorize the described attacks in two classes: Single-Phase Attacks abusing a lack of a single security check and Cross-Phase Attacks requiring a complex attack setup and manipulating multiple messages distributed across the whole protocol workflow. We provide an evaluation of officially referenced OpenID Connect libraries and find 75% of them vulnerable to at least one Single-Phase Attack. All libraries are susceptible Cross-Phase Attacks which is not surprising since the attacks abuse a logic flaw in the protocol and not an implementation error. We reported the found vulnerabilities to the developers and helped them to fix the issues. We address the existing problems in a Practical Offensive Evaluation of Single Sign-On Services (PrOfESSOS). PrOfESSOS is our open source implementation for fully automated Evaluation-as-a-Service for SSO. PrOfESSOS introduces a generic approach to improve the security of OpenID Connect implementations by systematically detecting vulnerabilities. In collaboration with the IETF OAuth and OpenID Connect working group, we integrate PrOfESSOS into the OpenID Connect certification process.
@inproceedings{mainkaSoKSingleSignOn2017, title = {{{SoK}}: {{Single Sign-On Security}} – {{An Evaluation}} of {{OpenID}} Connect}, booktitle = {European {{Symposium}} on {{Security}} and {{Privacy}} ({{Euro S}}\&{{P}})}, author = {Mainka, Christian and Mladenov, Vladislav and Wich, Tobias and Schwenk, Jörg}, date = {2017-04}, publisher = {IEEE}, location = {Parice, France}, doi = {10.1109/EuroSP.2017.32}, url = {https://doi.ieeecomputersociety.org/10.1109/EuroSP.2017.32}, eventtitle = {{{EuroS}}\&{{P}}}, month = apr, }
2016
- How Secure Is TextSecure?Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, and Thorsten HolzIn European Symposium on Security and Privacy (Euro S&P), Saarbrücken, Germany, accepted papers: 29/169 = 17%, Mar 2016
Instant Messaging has gained popularity by users for both private and business communication as low-cost short message replacement on mobile devices. However, until recently, most mobile messaging apps did not protect confidentiality or integrity of the messages. Press releases about mass surveillance performed by intelligence services such as NSA and GCHQ motivated many people to use alternative messaging solutions to preserve the security and privacy of their communication on the Internet. Initially fueled by Facebook’s acquisition of the hugely popular mobile messaging app WHATSAPP, alternatives claiming to provide secure communication experienced a significant increase of new users. A messaging app that claims to provide secure instant messaging and has attracted a lot of attention is TEXTSECURE. Besides numerous direct installations, its protocol is part of Android’s most popular aftermarket firmware CYANOGENMOD. TEXTSECURE’s successor Signal continues to use the underlying protocol for text messaging. In this paper, we present the first complete description of TEXTSECURE’s complex cryptographic protocol, provide a security analysis of its three main components (key exchange, key derivation and authenticated encryption), and discuss the main security claims of TEXTSECURE. Furthermore, we formally prove that—if key registration is assumed to be secure—TEXTSECURE’s push messaging can indeed achieve most of the claimed security goals.
@inproceedings{froschHowSecureTextSecure2016, title = {How Secure Is {{TextSecure}}?}, booktitle = {European {{Symposium}} on {{Security}} and {{Privacy}} ({{Euro S}}\&{{P}})}, author = {Frosch, Tilman and Mainka, Christian and Bader, Christoph and Bergsma, Florian and Schwenk, Jörg and Holz, Thorsten}, date = {2016-03}, publisher = {IEEE}, location = {Saarbrücken, Germany}, doi = {10.1109/EuroSP.2016.41}, url = {https://doi.ieeecomputersociety.org/10.1109/EuroSP.2016.41}, eventtitle = {{{EuroS}}\&{{P}}}, month = mar, } - Do Not Trust Me: Using Malicious IdPs for Analyzing and Attacking Single Sign-OnChristian Mainka, Vladislav Mladenov, and Jörg SchwenkIn European Symposium on Security and Privacy (Euro S&P), Saarbrücken, Germany, accepted papers: 29/169 = 17%, Mar 2016
Single Sign-On (SSO) systems simplify login procedures by using an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is reasonable for centralized SSO systems like Kerberos, where each SP explicitly specifies which single IdP it trusts. However, a typical use case for SPs like Salesforce is that each customer is allowed to configure his own IdP. A malicious IdP should however only be able to compromise the security of those accounts on the SP for which it was configured. If different accounts can be compromised, this must be considered as a serious attack. Additionally, in open systems like OpenID and OpenID Connect, the IdP for each customer account is dynamically detected in a discovery phase. Our research goal was to test if this phase can be used to trick a SP into using a malicious IdP for legitimate user accounts. Thus, by introducing a malicious IdP we evaluate in detail the popular and widely deployed SSO protocol OpenID. We found two novel classes of attacks, ID Spoofing (IDS) and Key Confusion (KC), on OpenID, which were not covered by previous research. Both attack classes allow compromising the security of all accounts on a vulnerable SP, even if those accounts were not allowed to use the malicious IdP. As a result, we were able to compromise 12 out the most popular 17 existing OpenID implementations, including Sourceforge, Drupal, ownCloud and JIRA. We developed an open source tool OpenID Attacker, which enables the fully automated and fine granular testing of OpenID implementations. Our research helps to better understand the message flow in the OpenID protocol, trust assumptions in the different components of the system, and implementation issues in OpenID components. All OpenID implementations have been informed about their vulnerabilities and we supported them in fixing the issues. One year after our reports, we have evaluated 70 online websites. Some of them have upgraded their libraries and were safe from our attacks, but 26% were still vulnerable.
@inproceedings{mainkaNotTrustMe2016, title = {Do Not Trust Me: {{Using}} Malicious {{IdPs}} for Analyzing and Attacking Single Sign-On}, booktitle = {European {{Symposium}} on {{Security}} and {{Privacy}} ({{Euro S}}\&{{P}})}, author = {Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, date = {2016}, pages = {321--336}, publisher = {IEEE}, location = {Saarbrücken, Germany}, doi = {10.1109/eurosp.2016.33}, url = {https://doi.ieeecomputersociety.org/10.1109/EuroSP.2016.33}, eventtitle = {{{EuroS}}\&{{P}}}, organization = {IEEE}, }
2013
- A New Approach towards DoS Penetration Testing on Web ServicesAndreas Falkenberg, Christian Mainka, Juraj Somorovsky, and Jörg SchwenkIn International Conference on Web Services (ICWS), Santa Clara, CA, USA, accepted papers: 91/479 = 19%, Jun 2013
SOAP-based Web services is a middleware technology marketed as the solution to easy data exchange between heterogeneous IT architectures. The large number of scenarios, in which this technology is used, has introduced demands for new extensions raising its complexity. However, this has also introduced a large variety of new attacks. In this paper, we investigate an automatic evaluation of Web service specific Denial of Service (DoS) attacks. We present a new fully automated plugin for the WS-Attacker penetration testing tool implementing major DoS attacks. Our tool determines the attack success without having physical access to the target machine, using a novel blackbox approach. We give an overview of our design decisions and present the evaluation results using common Web service frameworks and systems.
@inproceedings{falkenbergNewApproachDoS2013, title = {A New Approach towards {{DoS}} Penetration Testing on Web Services}, booktitle = {International Conference on Web Services ({{ICWS}})}, author = {Falkenberg, Andreas and Mainka, Christian and Somorovsky, Juraj and Schwenk, Jörg}, date = {2013-06}, pages = {491--498}, publisher = {IEEE}, location = {Santa Clara, CA, USA}, doi = {10.1109/ICWS.2013.72}, url = {https://dl.acm.org/doi/10.1109/ICWS.2013.72}, added-at = {2013-11-06T00:00:00.000+0100}, ee = {http://doi.ieeecomputersociety.org/10.1109/ICWS.2013.72}, eventtitle = {{{ICWS}}}, interhash = {965d5d82b3c79f96a7992362481d1cc5}, intrahash = {63d306b64ea638a8abc1d4e51ca7d63e}, month = jun, }